GitHub is amazing, but once you are running at scale with many repositories, managing your organisation starts to become a huge hassle.
I’ve hit this problem multiple times across multiple companies and want to share the solution to the problems “how to keep your repos consistent” and “how to secure your GitHub estate”.
GitHub doesn’t provide any real orchestration tools for managing more than one repository at once. There are hundreds of options within each repo for access controls, webhooks, labels, disabling issues/projects, choosing a preferred merge approach, branch protection and finally GPG signing – all of these options require continual maintenance to keep them set correctly.
The key takeaways are:
– Just using GitHub doesn’t automatically make your code secure: there are multiple setup steps to take, and things to keep checking continually.
– A few key things to check on your Organisation Settings
– Some ways, tools and ideas to automate this pain away, the DevOps way
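As an added illustration of the kind of continual check described above (my example, not code from the original post), here is a small drift audit: each repo's settings and default-branch protection are compared against an org-wide baseline, so a repo whose merge strategy, required reviews or signed-commit requirement has drifted is reported. The field names follow the GitHub REST API for repositories and branch protection; the baseline values and the sample payloads are constructed, and the fetch helper (which treats the 404 GitHub returns for an unprotected branch as "no protection") is there for live use but is not needed to run the sample.

```python
"""Audit GitHub repository settings against an org-wide baseline (example)."""
import json
import urllib.error
import urllib.request

# Baseline every repo in the org is expected to match (constructed values).
BASELINE = {
    "repo": {"allow_merge_commit": False, "delete_branch_on_merge": True, "has_projects": False},
    "protection": {
        "required_signatures.enabled": True,
        "enforce_admins.enabled": True,
        "required_pull_request_reviews.required_approving_review_count": 2,
    },
}


def lookup(obj, dotted):
    """Resolve a dotted path such as 'enforce_admins.enabled'; missing keys give None."""
    for key in dotted.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def audit(name, repo, protection, baseline=BASELINE):
    """Return one 'expected X, got Y' finding per setting that drifts from baseline."""
    findings = []
    for key, want in baseline["repo"].items():
        got = lookup(repo, key)
        if got != want:
            findings.append(f"{name} {key}: expected {want!r}, got {got!r}")
    for key, want in baseline["protection"].items():
        got = lookup(protection, key)  # {} (unprotected branch) flags every key
        if got != want:
            findings.append(f"{name} default-branch {key}: expected {want!r}, got {got!r}")
    return findings


def fetch_json(url, token):
    """GET a GitHub REST endpoint; an unprotected branch's protection URL returns 404."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"}
    try:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return {}
        raise


# Constructed sample payloads shaped like the API responses (not real data).
SAMPLE_REPO = {"name": "payments", "allow_merge_commit": True, "delete_branch_on_merge": True, "has_projects": False}
SAMPLE_PROTECTION = {"enforce_admins": {"enabled": True}, "required_signatures": {"enabled": False},
                     "required_pull_request_reviews": {"required_approving_review_count": 1}}

if __name__ == "__main__":
    for line in audit("payments", SAMPLE_REPO, SAMPLE_PROTECTION):
        print(line)
```

For a live run, pass the results of `fetch_json` for `/repos/{owner}/{repo}` and `/repos/{owner}/{repo}/branches/{default_branch}/protection` to `audit` for every repo listed under `/orgs/{org}/repos`.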